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'9 MAY 1978 • 

\ 

MEMORANDUM FOR: Chief, Security Staff, OL 

FROM: . | | 

Systems Analysis Branch, EO/OL 

SUBJECT: SECOND System Definition Study 


1. We are pleased to submit, for your approval, 
the attached System Definition Study for the SECOND 
project. This study was prepared as a joint effort 
by members of your staff and myself. 


2. If you would like SAB to follow up with a 
project proposal as outlined in the recommendation, 
please sign below and return the original copy. The 
current Computer Services Request (24A38ED) will then 
be extended to include the project proposal. 


3. If there , are any questions, 
on extension 


please call me 


_AL 

| STATINTL 

Attachment: System Definition Study 


CONCURRENCE: 


_ /^L 

Chief, SAB/eoTol 


.• ■*/ 
?..h; 


Date 


Chief, B Division, ODP Date 


Chief , Security Staff, OL Date 
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I. INTRODUCTION 

This System Definition Study is in response to a 
r.equest from the Director of Logistics, for Office of 
Data Processing (ODP) support on the Industrial Security 

(SECOND) . Included in this report is a description 
n^o h a CUrrent procedure, the problems with the current 
a^ecommerir? 3 ^ ' enu ^ eratlon of the system requirements and 
prog^ST 5 tl0n t0 automate the industrial Security 
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IJ . MISSIONS AND OBJECTIVES 

-1. The Office of Logistics, Security Staff, (OL/SS) 
has been tasked with the responsibility of maintaining an 
industrial security program. The industrial security program 
was established to provide secure methods by which the 
Central Intelligence Agency may procure supplies, equipment, 
services, and conduct research and development outside the 
Agency with the least risk of exposing the classified pur- 
pose to unauthorized personnel. 

2. OL/SS receives approximately eighty calls per 
day from interested persons and offices both internal and 
external to the Agency. In order to answer these inquiries 
in a timely manner and provide support to all using Agencv 
components it is necessary to maintain manually a 3x5 card 
file of approximately 65,000 cards. Approximately 50 of 
t.he eighty calls per day require accessing the card file. 


a 
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III. DESCRIPTION OF CURRENT SYSTEM 

1. The unique nature of the Agency’s procurement 
methods place different and unusual requirements on the 
Agency’s" industrial security program. There are two areas 
of classification in the Agency’s procurement methods: 

a. the relationship of the Agency to the 
contractor, i.e., whether the identity 
of the Agency as purchaser is classified; 

b. the classification of the work and reports 
of the end product. 

2. When an Agency component levies a procurement 
requirement upon OL, the requirement normally specifies the 
classification of both the Agency contractor relationship 
and the end product. If either aspect is classified the 
following takes place: 

a. OL/SS makes a manual review of its records 
to determine whether the specified vendor 
has a current or prior classified relation- 
ship with the Agency. If no prior relation- 
ship exists the following steps are initiated 

1. the corporate officer's name 
is run through Office of 
Security indices; 

2. the vendor will be contacted 
in person, utilizing CIA 
credentials; 

3. the corporate officer will 

be told of the Agency interest 
in doing business with them; 

4. requested to sign a secrecy 

agreement; and J 

5. requested to provide sufficient 
biographic data for security 
processing purposes. 
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b. If a prior relationship exists, the above 
process, 1 through 5, is performed as 
required to reinstate the contractor. 

3. . Once the above steps are completed and the Office 
of Security issues an approval the corporate officials are 
Visited once again, and requested to appoint a -corporate 
security officer who will be OL/SS referent for the term 
of the contractual relationship. Thereafter, the bulk 
of OL/SS contact is with the corporate security officer 
who will have been approved and briefed. He will be 
furnished with the Security Requirements for Contractors 
(Green Book) or Standard Security Procedures for Contrac- 
tors (White Book) , a supply of Personal History Statements, 
Request for Industrial Security Approval forms, and 
codeword access, as appropriate. He will also have a 
supply of Form 670 (index cards) which will ultimately 
comprise OL/SS records of Industrial Security Approval 


Once the contractor furnishes OL/SS with the 
required data to process an Industrial Security Approval 
(ISA) , the following takes place; 


a. All documents are dated and forwarded to 
Security for processing; 

b. A Form 670 (3x5 card) is filed in the pend- 
ing file; 

c. if Security grants the Industrial Security 
Approval: 

1. the card is moved from the pending 
file to the active file, two copies 
are kept, one alphabetical by name 
and one by contractor and name. 

2. Notify contractor. 

1. If Industrial Security Approval is not 
granted: 

1. Notify contractor; 

2. File disapproval notice. 
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5. The contractor continues to supply data to OL/SS 
as required by the regulations. If an employee leaves the 
company, transfers to another project, or the contract is 
completed, the Form 670 (3x5 card) is moved from the active 
file to the termination file. 

6. A liaison file is maintained for personnel in other 
Federal Agencies and departments on whom security liaison 
approvals requested by OL have been granted. 

7. A Contact Approval file is maintained for personnel 

who are contacted before a^jfull Industrial Security Approval 
is processed. — 

8. The information contained on Form 670 (3x5 card) 
in the system consist of the following: 

Name 

Date of Birth - • 

Place of Birth 
SSN 

Security File Number 
Contractor Name 
Contractor Address 
Job/Title 
DOD Clearance 
Level 
Date 

Industrial Security Approval 
Level 

Approval Date 
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IV * PROBLEMS WITH THE CURRENT SYSTEM 

1. Many problems can arise when handling^ manual 
card system of this size, with the Industrial Security 
system the most prominent problems are the following: 



Ad hoc questions often require hours of 
searching cards, tallying and notekeeping, 
and typing detail listings after the infor- 
mation is collected. 

The current method of updating the cards 
is antiquated. Physical sorts are required, 
in that cards must be matched and placed 

the correct position in the appropriate 
tile. As changes are processed the cards 
must be physically moved from one file to 
another. 


Cards are stored in OL/SS. Care must 
be taken that nothing happens to the cards; 
a dropped file would take hours of manual 
work to reconstruct. 


There are no standards to assure cards are 
not misfiled or lost. 

There is no backup for the file. 
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V. ' USER REQUIREMENTS 

1. The present requirements for the Industrial 
Security system are as follows: 


a. Conversion of present card files (ISA 
contractor personnel, pending file, term- 
ination) . 

b. Provide the capability to query the data 
on any data element, or combination of data 
elements, within the database with an immediate 

.. response. Typical queries are: 

1. What is the level of the ISA for John 
Doe? 

2. What is John Doe’s job title? 

3. Has John Doe signed a secrecy 
agreement? 

4. How many people working for the ABC 
Company in the Boston area have a 
Top Secret clearance, thr ee years old 5/ 
or older? 

5. What is the facility approval status 
of the XYZ Company? 



The ability to update a database, (add, cha]^g(e£Q |0 
delete) , approximately 700 transactions a 
month. 


Addition of five data elements; 

1 . date briefed; 

date terminated; 
security agreement; 

ia?) ! 

facility!/ approval status; and 


2 . 

3. 

4. 

5. 


facility^ approval level/, 5 , 


5 
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e. Produce preformatted alphabetical printout 
by individual names on request. 

f. ' Produce preformatted alphabetical printout 

by individual names within contractor on 
request. 

* 

g. The ability to produce , on request, ad hoc 
reports . 

h. Provide a validation of all data recorded 
in the system to ensure its accuracy. 

i. Provide the capability for reporting all 
deliquent security requests. 

j . Provide a method of backup in the event of 
primary data or system damage . 

2 . System Elements : 

A list of required elements are as follows: 

a. NAME (Last, First, MI) 

b. Social Security Number 

c. Date of Birth 

d. Place of Birth 

e. Security File Number 

. f. Contractor Name 

g. Contractor Address (Street, City, State, Zip) 

h. Job Title 

i. Work Location (Street, City, State, Zip) 

j. DOD Clearance (Date, Level) 

k. Industrial Security Approval (Date, Level) 

l. Date Briefed 
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m. 

Date Terminated 



Security Agreemen- 

t SignedJ 

o. 

Facility Approval 

Status 

P* 

Facility Approval 

Level 
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VI . ALTERNATIVES 

1. In order to meet all the requirements of the 
customer/ a database management system appears to be 
the most desirable solution. The database management 
system will' permit the user to store, manipulate, retrieve 
and display quantities of data. 

2. There are three database management systems 
currently used within the Office of Data Processing (ODP) , 
Rapid Access Management Information System (RAMIS) , 

National Information Processing System (NIPS) , and 
General Information Management System (GIMS) . 

3. In search of a system to meet the requirements 
stated RAMIS and NIPS were rejected. 

3.1 RAMIS was rejected primarily because it 
has not yet proven itself in handling a 
moderately sized (approximately 35,000 
records) database. 

3.2 The NIPS system was rejected from considera- 
tion because it is strictly a batch system 
and will not support the rapid query cap- 
ability desired in the requirements. In. 
addition, .NIPS does not support an inter- 
file query capability. It should also 

be noted that if the system is implemented 
in a NIPS batch mode and the user require- 
ments are not met, the system cannot be 
converted from batch to on-line mode with 
a minimal effort. 

4. GIMS is a database system that has a hierarchical 
data storage philosophy. In addition to data storage 

and retrieval,' GIMS handles its own terminal communica- 
tions, printers and input/output methods. The database 
can be available in either a batch or an on-line mode. 

The report facility uses Basic Automatic Report Format 
(BARF) or special PL/I programs. An Industrial Security 
system under GIMS could have the following structure: 
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a. A pending file which would contain basic 
biographical data on pers onnel who have 
industrial security approvals in process 

b. A cleared contractor file which would 
contain biographical data on person nel 
who have active industrial security 
appro vals . 

c. A termination file which would contain 
biographical data on personne l who have 
at one time held an industrial s ecuri ty 
approval, 

d. A name index file which would contain 
names (last, first) of personne l in the 
cleared contractor file. This file would 
provide the ability to query by name and 
receive a quick response on personnel 
who have an active approval. 

e. A contractor file which would contain 
data on the contractors who have personnel 
with industrial security approvals! 

f. The database would be available under the 
MVS/JES3 system in either the batch or an 
on-line mode. 

g. In the batch mode, GIM statements to up- 
date, query, and extract data would be. 
created in a file on the VM/370 system 
and batched to the GIM system through a 
Batchmon link. All output would then 
be printed under the JES3 system. 

h. In the on-line mode, data input would be 
accomplished directly through GIM supported 
menus displayed. at the terminal and read 
by routines coded in the GIM procedure 
language. Ad hoc queries could be formed 
in GIM statements directly at the 
terminal with an immediate response to 
the same terminal. Copies of these queries 
can be printed at a Texas Instruments 
printer immediately connected to the 
terminal or at a printer connected to 
the computer running the GIM system. 
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VII. RECOMMENDATION 

1. It is recommended that the SECOND system be 
implemented using the on-line GIMS database system for 
the following reasons: 

a. The on-line GIM system will offer the 
user immediate updates through menu 

'■ input, and a prompt resolution of errors. 

b. Once the database is operational, the 
primary activity will be queries. The 
GIMS user language is English like and 
will permit the user to access data 
without knowing how or where the data 
is stored. 

c. The GIMS off-line batch system was re- 
jected primarily because of the user 
requirement for immediate response to 
queries. Other considerations were, 
database and listings are always out of 
date because of projected frequent up- 
dates, an incorrect query is not detected 
until a listing is received, and ad hoc 
reports on a batch database can be cum- 
bersome. 

d. Cost for the on-line and off-line systems 
is relatively equal. 

2. The GIM system has the capability to more 
than adequately meet the requirements specified. How- 
ever, the user should be aware that the level of know- 
ledge needed by both the user and programmer to create 
and maintain the system is very high. Learning the GIM 
system is a non-trivial process and the user is required 
to learn the GIM query language, GIM data extraction 
process, and the basic VM commands. Use of ODP Training 
courses and SAB personnel's expertise should provide 
the necessary skills for OL/SS to operate the system. 
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3. GIMS had a bad track record prior to the re- 
lease of the 360/1S5 computer. Since its implements tio 
on a 370/1S8 we have experienced an average availabil 
rate of 92%. Response time is also currently accepts 

4. In summary, GIMS seems to be the only ODP 
database management system which has the capability 
to satisfy the requirements of this particular system. 
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VIII. COST AND TIME REQUIREMENTS 

o mrir .iu c i It yq is ® stima ted_ that this system will reouire 
8 months to develop and will cost approximately $34,510, 
A breakdown of cost is provided: 


• TIME 

COST 

MACHINE 

40 Hrs 

$680 


80 

1360 

$ 150 

960 

16,320 

12,000 

80 

1360 

150 

120 

2040 

450 


Verify Data Elements 
Prepare Menus 
Develop Procedures and 
Dictionaries 
Develop BARF Reports 
User Testing and 
Training 

.. . ?* 0nce system is developed it is estimated 

J e 1 S° nVerS10neff0rt and fuil implementation will 
require 10 man-montns tor OL/SS to input data. The ■* 

C °f fc f ? r conversi °n will be approximately $22,602, 
If the system is accepted it is recommended that other 
conversion methods be considered (i.e. iv Phase, key- 
punching) which may reduce the time and cost. 

3 : _ The P r °jected operating cost of this system 

after .implementation will be approximately $4,000 a 
month. • 1 
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